There are infrequent occasions when super-user access to systems
is genuinely unavoidable. For example, when hardware is being
rebuilt, or the operating system is itself being re-configured,
it may be necessary for an engineer to work in single-user mode
and subject the system to frequent re-starts.
In this event, the administrator must be in possession of a
super-user password for the duration of such activity. Subsequently,
however, security considerations require that the root password
should be changed and the new one stored safely for release only
by the person with responsibility for the system.
COSduty-SSA includes a password vault. This is a single secure
repository for all the administrator passwords of the systems
in the data centre.
The vault allows the construction of a schedule in accordance
with which root passwords can be changed automatically (typically
at the end of each working day) and then propagated to all or
a designated subset of remote systems. Different passwords may
be used for different groups of managed servers, for example highly
secure servers, medium security servers, less secure servers.
The system provides mechanisms to generate passwords according
to rules reflecting organizational policy, for example minimum
and maximum lengths, first character being a number, second an
upper case alpha, etc.
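
The rule-driven generation described above can be sketched as follows. This is an added example, not COSduty-SSA's own code; the class and function names, the group names, the lengths and the symbol set are all assumptions.

```python
import secrets
import string
from dataclasses import dataclass, field

SYMBOLS = "!#%+-=?@_"  # assumed symbol set; adjust to local policy

@dataclass
class PasswordPolicy:
    min_length: int
    max_length: int
    # Fixed-position rules: index -> characters allowed at that index.
    positional: dict = field(default_factory=dict)
    alphabet: str = string.ascii_letters + string.digits + SYMBOLS

    def validate(self):
        if not 1 <= self.min_length <= self.max_length:
            raise ValueError("need 1 <= min_length <= max_length")
        if any(i < 0 or i >= self.min_length for i in self.positional):
            raise ValueError("positional rule outside the shortest password")
        if not self.alphabet or not all(self.positional.values()):
            raise ValueError("empty character class")

def generate(policy):
    # Length and every character come from the OS CSPRNG, never from random.
    policy.validate()
    span = policy.max_length - policy.min_length + 1
    length = policy.min_length + secrets.randbelow(span)
    return "".join(secrets.choice(policy.positional.get(i, policy.alphabet))
                   for i in range(length))

def conforms(password, policy):
    # Check a candidate against the same rules the generator uses.
    if not policy.min_length <= len(password) <= policy.max_length:
        return False
    return all(ch in policy.positional.get(i, policy.alphabet)
               for i, ch in enumerate(password))

# Constructed policies, one per server group (names and lengths are assumed).
LEADING = {0: string.digits, 1: string.ascii_uppercase}
GROUP_POLICIES = {
    "high": PasswordPolicy(24, 32, LEADING),
    "medium": PasswordPolicy(16, 24, LEADING),
    "low": PasswordPolicy(12, 16, LEADING),
}

def rotate_all():
    """Return a fresh, independent password for every group."""
    return {group: generate(p) for group, p in GROUP_POLICIES.items()}
```

Fixing the class of the leading characters removes some entropy from those positions, so the minimum length should be set with that in mind.
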
Passwords are stored in an encrypted form on the COSduty-SSA
Access Server. Only members of the appropriate COSduty-SSA
role are authorized to retrieve them, at which time a password can
be displayed in clear text for personal transmission to the individual
who needs to use it. Between systems, passwords are always
transmitted in encrypted form.
The dependence on the COSduty-SSA Access Server dictates the
use of a resilient service: either multiple access servers
or the COSduty-SSA failover module should be deployed.